From 1cf52daa622fba24d1220bccc7038fc6f33643c4 Mon Sep 17 00:00:00 2001
From: jonathan <Jonathan.Heinz@telekom.de>
Date: Tue, 26 Nov 2024 13:05:42 +0100
Subject: [PATCH] Implement URL property from standard

The CSAF standard defines a URL property for remediation data.
This property was missing but is actively used by Red Hat CSAF
VEX to communicate the respective Red Hat Security Advisory
for the vulnerability. We at DT need this attribute to get this data for our internal database of security advisories.

Signed-off-by: Jonathan Heinz <Jonathan.Heinz@telekom.de>
---
 pkg/csaf/csaf.go      | 1 +
 pkg/csaf/csaf_test.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/pkg/csaf/csaf.go b/pkg/csaf/csaf.go
index 8a99d5c..18b8850 100644
--- a/pkg/csaf/csaf.go
+++ b/pkg/csaf/csaf.go
@@ -160,6 +160,7 @@ type RemediationData struct {
 	GroupIDs     []string    `json:"group_ids"`
 	ProductIDs   []string    `json:"product_ids"`
 	Restart      RestartData `json:"restart_required"`
+	Url          string      `json:"url"`
 }
 
 // Remediation instructions for restart of affected software.
diff --git a/pkg/csaf/csaf_test.go b/pkg/csaf/csaf_test.go
index 4865e69..9c5153f 100644
--- a/pkg/csaf/csaf_test.go
+++ b/pkg/csaf/csaf_test.go
@@ -41,6 +41,9 @@ func TestOpenRHAdvisory(t *testing.T) {
 	require.Equal(t, doc.Document.Publisher.IssuingAuthority, "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.")
 	require.Equal(t, doc.Document.Publisher.Name, "Red Hat Product Security")
 	require.Equal(t, doc.Document.Publisher.Namespace, "https://www.redhat.com")
+
+	// Remediation Url
+	require.Equal(t, doc.Vulnerabilities[0].Remediations[0].Url, "https://access.redhat.com/errata/RHSA-2020:1358")
 }
 
 func TestFindFirstProduct(t *testing.T) {